Your Final exam will be available on Saturday morning, December 9th at 6:00 AM and is due by 11:59 PM on Sunday December 10th.. You will have one try at the exam and must answer 75 questions in 90 minutes. Set aside a quiet time to make sure you give yourself every advantage. If you run into any system problems you must call me immediately at 910 880 1254 so that we can work them out. Best of luck on the exam.

I will post your final grades by Friday, December 15th.

Finally, we want to thank all of you for your hard work and interest in the topic. We have been telling everyone in the department just how incredible your discussions have been. You have brought a level of nuance and practicality that we rarely achieve in classroom discussions. Well done!

The final exam will be on Blackboard and will be 75 questions. I will post the exam on Saturday December 9th @ 6:00 AM and give you until Sunday night, at 11:59 PM to complete it. You have 90 minutes to complete the exam.If you have any problems with the software you must contact me immediately at 910 880 1254. I recommend you find a quiet place with good connectivity at which to take the exam.

I liked how you referred back to other topics that we have considered in the past 12 weeks.

Let me take you through our view of them:

IT Administrative Controls – really lax both inside both iPremier and at the ISP. I get the sense that very little is actually in control here. WoW on company equipment and company time? Poorly organized and poorly run.

IT Governance – There appears to be little knowledge or interest in IT from the executive level of the company. How can this be for a company that runs on an e-platform? Inexcusable. Certainly, there is no conscious effort to guide IT as it supports the business. Ad- hoc decision making and a culture of do what’s needed now and we’ll worry about the rest later seems to be a work here.

Enterprise Architecture, IT Strategy, Portfolio Management – There doesn’t seem to be any.

Policy – Again, if they exist, they seem to be on the shelf like the disaster recovery plans. Even the CEO acknowledged that they needed a closer look at how they did things.

IT Services and Quality – Again, there does not appear to be a disciplined look at what IT services they are using/providing. Furthermore, there is no sense of continuous improvement or some of the Disaster Recovery plans problems would have been identified and fixed.

Outsourcing – They picked the ISP because they knew someone? Really?

Monitoring – Doesn’t appear that they did much beyond the basics of operating a system. But then, if you haven’t defined any IT services, how could you monitor them?

Risk – No risk culture in the organization, no risk culture in IT. I’m tempted to say that they looked at Disaster Recovery planning as a compliance issue, not as a control. They were required to have one, so someone wrote it and put it on the shelf for the auditors to see, but they never did anything with it.

All of this leads to a situation where a breach was eminently possible with a poor response guaranteed.

The whole idea of running an IT organization under control is that you have organizational discipline. This doesn’t eliminate the potential problems of a security attack or any other risk. It makes such risks much less likely to occur and it gives you a much better position from which to deal with them if they do occur. This is the point of everything you will be learning in this program.